166

I've opened port 80 in the web console on my EC2 instance's security group but I still can't access it via the public DNS in the browser.

Any ideas?

Arafat Nalkhande
josh

4 Answers

347

This is actually really easy:

  • Go to the "Network & Security" -> Security Group settings in the left hand navigation
  • Find the Security Group that your instance is a part of
  • Click on Inbound Rules
  • Use the drop down and add HTTP (port 80)
  • Click Apply and enjoy
Eric Leschinski
M.W. Felker
  • 15
    He did mention that he's opened the port in the security group already, but it _should_ be as easy as this... – aaaidan Jul 20 '12 at 02:21
  • 8
    Question was not answered, port 80 is open as the question states – Pete_ch May 02 '13 at 02:01
  • 4
    this helped us big time, the apply button is a little bit hidden, you have to scroll down to find it. – Michael Moeller May 29 '13 at 09:45
  • 3
    I have already done this too, and it still doesn't work. – coolcool1994 Aug 08 '13 at 12:06
  • 1
    I also didn't see the apply button way down there. – stephen.hanson Feb 23 '14 at 05:22
  • 6
    Also, check your firewall (as nsof stated). RHEL has iptables started by default. Windows has windows FW. Turn them off and see if that was the problem. If it was, then edit the firewall to allow 80/443 and restart – Andrew Backer Feb 28 '14 at 08:36
  • 2
    Do I need to restart something? I added the rule on my proxy on EC2, but I can't access the port. – Marcos Bergamo Feb 26 '15 at 15:15
  • 1
    @Kefka late to the party but you shouldn't need to restart. Just remember to add the specific port in the rule. I thought I had to restart myself but even after like 4 restarts it still wasn't being accessed but after I put some thought to it only did I realize that port 3000 had to be opened..not HTTP which is port 80. Hope that helps. – shriek Sep 25 '15 at 08:33
  • @shriek that is correct, there needs to be no restart. This question is specific to a web server talking over port 80 (apache default for example) but it goes the same for anything else. If you have some fancy JS app that runs on 3000, you should add that instead. Ports for the win! – M.W. Felker Sep 29 '15 at 20:29
  • 1
    Make sure to allow ssh - I was locked out because apparently setting one allow rule deletes a default that allows ssh (guessing here). Once I allowed ssh I was able to get back in. Also note that your existing connections will be killed. – Greg Bell Nov 02 '15 at 02:25
  • Check your firewall and add rule for the ports you intend to use. – Utkarsh Gupta Oct 10 '19 at 15:48
  • Try this if you have already added HTTP (port 80) to your server's Security Group but port 80 is still closed; try adding the following lines: /sbin/iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT ; /sbin/iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT ; /sbin/iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080 – orli Mar 07 '20 at 04:45
  • https://www.youtube.com/watch?v=P8fdyyQjPuc – Nanhe Kumar Jul 24 '20 at 20:00
19

Some quick tips:

  1. Disable the inbuilt firewall on your Windows instances.
  2. Use the IP address rather than the DNS entry.
  3. Create a security group for tcp ports 1 to 65000 and for source 0.0.0.0/0. It's obviously not to be used for production purposes, but it will help avoid the Security Groups as a source of problems.
  4. Check that you can actually ping your server. This may also necessitate some Security Group modification.
Simon at LabSlice-com
  • 7
    Er - I'd strongly recommend NOT disabling the Windows Firewall on an EC2 instance, ever. However, Server 2008 automatically keeps Port 80 closed by default, so you will need to add (or activate) the Port 80 'allow' rule. – Eight-Bit Guru Feb 15 '11 at 18:54
  • 1
    I should have added that all steps above are really for debugging the issue, but then you should revert back to whatever is appropriate for your setup. – Simon at LabSlice-com Feb 15 '11 at 21:33
  • 1
    I agree with Jonners, especially if it's a windows box: any internet accessible box is liable to be portscanned by blackhats and script kiddies, even if naked to the internet for only a short time. "Reverting back", then continuing to use the potentially compromised server is a no-no for production use. Instead, burn the instance in the fires of hell and start a new one. – aaaidan Jul 20 '12 at 00:27
  • About "disabling Windows Firewall", I had the same question about whether I should do that or not. Then I found a clear response from Amazon: "We recommend that you disable Windows Firewall and control access to your instance using security group rules." http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/troubleshooting-windows-instances.html#rdp-issues – foxontherock Apr 21 '16 at 18:20
15
  1. Check what security group you are using for your instance. See value of Security Groups column in row of your instance. It's important - I changed rules for default group, but my instance was under quickstart-1 group when I had similar issue.
  2. Go to Security Groups tab, go to Inbound tab, select HTTP in Create a new rule combo-box, leave 0.0.0.0/0 in source field and click Add Rule, then Apply rule changes.
Marboni
10

For those of you using CentOS (and perhaps other Linux distributions), you need to make sure that its FW (iptables) allows for port 80 or any other port you want.

See here on how to completely disable it (for testing purposes only!). And here for specific rules

nsof
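
The two layers the answers above point to, checked in order: the security group actually attached to the instance, then the host firewall. This is an added example, not code from the original posts; the inputs are constructed samples in the shape of `aws ec2 describe-security-groups` and `iptables -S INPUT` output, the function names are hypothetical, and the iptables model is simplified (it understands only -p, --dport, --state/--ctstate and -i lo).

```python
import ipaddress
import json

def sg_allows(sg_json, port, source_ip):
    """True if an inbound rule in `aws ec2 describe-security-groups` output admits TCP port."""
    src = ipaddress.ip_address(source_ip)
    for group in json.loads(sg_json)["SecurityGroups"]:
        for perm in group.get("IpPermissions", []):
            proto = perm.get("IpProtocol")  # "-1" means all protocols, all ports
            port_ok = proto == "-1" or (proto == "tcp" and perm["FromPort"] <= port <= perm["ToPort"])
            if port_ok and any(src in ipaddress.ip_network(r["CidrIp"]) for r in perm.get("IpRanges", [])):
                return True
    return False

def iptables_verdict(rules, port):
    """First-match verdict for a new TCP connection, from `iptables -S INPUT` output (simplified)."""
    policy = "ACCEPT"
    for tok in (line.split() for line in rules.splitlines()):
        opt = lambda name: tok[tok.index(name) + 1] if name in tok else None
        if tok[:2] == ["-P", "INPUT"]:
            policy = tok[2]
        if tok[:2] != ["-A", "INPUT"] or opt("-j") not in ("ACCEPT", "DROP", "REJECT"):
            continue
        state = opt("--state") or opt("--ctstate")
        if (opt("-p") not in (None, "tcp") or opt("--dport") not in (None, str(port))
                or opt("-i") == "lo" or (state and "NEW" not in state.split(","))):
            continue
        return opt("-j")  # iptables stops at the first terminating rule that matches
    return policy

def diagnose(sg_json, rules, port, source_ip="198.51.100.7"):
    if not sg_allows(sg_json, port, source_ip):
        return "blocked by security group"
    verdict = iptables_verdict(rules, port)
    return "open" if verdict == "ACCEPT" else f"blocked by host firewall ({verdict})"

# Constructed sample inputs (not taken from the page).
SG = json.dumps({"SecurityGroups": [{"GroupName": "quickstart-1", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}]})
BASE = """-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
"""
REJECT = "-A INPUT -j REJECT --reject-with icmp-host-prohibited\n"
ALLOW80 = "-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT\n"
for rules in (BASE + REJECT + ALLOW80, BASE + ALLOW80 + REJECT):
    print(diagnose(SG, rules, 80))  # rule appended after REJECT vs placed before it
```

Because iptables evaluates a chain in order, an ACCEPT rule appended after a catch-all REJECT never matches; it has to sit before the REJECT to take effect.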